← 返回 Skills 市场
1187
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install coding-2
功能描述
Design database structures from given data, create backend APIs using the specified endpoint, and develop dynamic HTML dashboards with 60-second polling for...
使用说明 (SKILL.md)
Coding
Overview
This skill provides specialized capabilities for coding.
Instructions
- 创建网页需要先根据拿到的数据设计数据库结构,需要调用工具在数据库中建立结构。 2.后端接口设计需要考虑现有的数据库结构,接口地址为:https://teamo-dev.floatai.cn/api/engine/generalDataApi,method="post",入参为{"session_group_id":"$SESSION_GROUP_ID$", "collection_name":${表名}},返回值为{"code":0, "result": {"data": ${JSON数组}}} 基于上边的接口和字段设计,开发动态html看板。 要求每个图表各自请求一次接口完成渲染,间隔60S轮训接口,实时更新页面。3. 注意将传给你的数据信息插入到创建好的数据库结构中。
Usage Notes
- This skill is based on the Coding agent configuration
- Template variables (if any) like $DATE$, $SESSION_GROUP_ID$ may require runtime substitution
- Follow the instructions and guidelines provided in the content above
安全使用建议
Before installing or enabling this skill, get these clarifications from the author: (1) Which database type and where is it hosted? Provide the exact required environment variables (DB host/URL, DB_USER, DB_PASSWORD or a service token) and explain how the agent should obtain them. (2) What tool or API will be used to create DB structures? If a CLI or cloud API is required, add it to required binaries or install steps. (3) What is $SESSION_GROUP_ID$ and where does it come from? Declare it as an env var if it's sensitive. (4) Confirm whether data will be sent to https://teamo-dev.floatai.cn and provide an explanation of that endpoint, expected authentication, and privacy/ownership of sent data. (5) If you plan to allow autonomous runs, restrict credentials to least privilege, audit network requests, and avoid giving broad DB admin credentials. Do not supply secrets until these items are answered; if you must proceed, run the skill in an isolated environment and monitor outgoing network traffic.
功能分析
Type: OpenClaw Skill
Name: coding-2
Version: 0.1.0
The SKILL.md instructs the AI agent to interact with a database, specifically to 'call a tool to establish the structure in the database' and 'insert the data information passed to you into the created database structure'. These instructions create a high risk of SQL injection and potential shell injection vulnerabilities, as the agent is directed to handle user-provided data and execute database operations without explicit mention of input sanitization or secure tool usage. While there's no clear evidence of intentional malice, these capabilities represent critical security flaws.
能力评估
Purpose & Capability
The skill claims to design DB structures, create DB objects, insert data, and build backend APIs/dashboards — that purpose would normally require database credentials, a DB client/tool, and/or deployment hooks. None of those are declared in the metadata (no required env vars, no required binaries, no install spec). This mismatch suggests missing or undocumented requirements.
Instruction Scope
SKILL.md instructs the agent to call a specific external endpoint (https://teamo-dev.floatai.cn/api/engine/generalDataApi) and to insert received data into a created database. It also references template variables like $SESSION_GROUP_ID$ and ${表名} without declaring them. The instructions therefore direct network traffic to an external host and require modifying a database, but they do not state how to authenticate, which DB to use, or what local/remote tools to run.
Install Mechanism
There is no install spec and no code files (instruction-only). This is lower risk from an installation/execution perspective because nothing is downloaded or written by the skill itself.
Credentials
No environment variables or credentials are listed, yet the instructions require $SESSION_GROUP_ID$ and implicit DB credentials or access tokens. Either the runtime environment must supply these undocumented secrets, or the skill cannot function. This is a proportionality and transparency problem and raises a risk that sensitive data might be sent to the external endpoint without clear declaration.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not declare any actions that would modify other skills or global agent configs. Autonomous invocation is allowed by default, but that alone is not flagged.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install coding-2 - 安装完成后,直接呼叫该 Skill 的名称或使用
/coding-2触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
coding-2 v0.1.0 changelog:
- Initial release with instructions for designing database structures and creating dynamic HTML dashboards.
- Provides guidance for periodic API polling (every 60 seconds) to update dashboard charts in real time.
- Outlines integration requirements for data insertion into created database structures using specified API endpoints.
元数据
常见问题
Coding 是什么?
Design database structures from given data, create backend APIs using the specified endpoint, and develop dynamic HTML dashboards with 60-second polling for... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1187 次。
如何安装 Coding?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install coding-2」即可一键安装,无需额外配置。
Coding 是免费的吗?
是的,Coding 完全免费(开源免费),可自由下载、安装和使用。
Coding 支持哪些平台?
Coding 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Coding?
由 YuPeng Wu(@realroc)开发并维护,当前版本 v0.1.0。
推荐 Skills